🐛 Use email instead of userName for activation email message (#434)
-  Use email instead of userName for activation email message.

New self service registration logic does not use userName attribute. Instead it uses email and optionally login attributes. It is safer to use email to display registration completion messages.

Resolves OKTA-166442
uvartak-okta authored and nikhilvenkatraman-okta committed May 1, 2018
1 parent 5bc7d5d commit abf038f
Showing 4 changed files with 132 additions and 31 deletions.
4 changes: 2 additions & 2 deletions src/RegistrationController.js
@@ -106,7 +106,7 @@ function (
});
} else {
// register via activation email
this.model.appState.set('username', this.model.get('userName'));
this.model.appState.set('username', this.model.get('email'));
this.model.appState.trigger('navigate', 'signin/register-complete');
}
},
@@ -115,7 +115,7 @@ function (
this.model.attributes = postData;
Backbone.Model.prototype.save.call(this.model).then(function() {
var activationToken = self.model.get('activationToken');
var postSubmitData = activationToken ? activationToken : self.model.get('userName');
var postSubmitData = activationToken ? activationToken : self.model.get('email');
self.settings.postSubmit(postSubmitData, function() {
self.doPostSubmit();
}, function(errors) {
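Review bot: Both changed call sites now read `model.get('email')` with no fallback, so if the registration schema supplies no `email` attribute, the `username` stored in appState and the value handed to `settings.postSubmit` become `undefined`. The RegistrationFormFactory.js change in this same commit does fall back between the two attributes; doing the same here, for example `this.model.get('email') || this.model.get('userName')`, would keep the two files consistent. `postSubmit` also receives either the activation token or the email through the same first argument, so a comment above that call such as `// postSubmitData is the activationToken when present, otherwise the registrant's email` would tell integrators to treat the value as potentially sensitive. Both functions start and end outside the visible hunks.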
4 changes: 3 additions & 1 deletion src/util/RegistrationFormFactory.js
@@ -78,7 +78,9 @@ define([

if (_.isString(regex)) {
if (regex === '^[#/userName]') {
var username = model.get('userName');
// with email as login enabled, we only have email populated
// Therefore we fallback and run validation with email attribute.
var username = model.has('userName') ? model.get('userName'): model.get('email');
var password = value;
return !passwordContainsUserName(username, password);
} else {
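Review bot: The new ternary checks the password against only one identifier: whenever `userName` is populated, `email` is never compared, so a password built from the email's local part would pass the `^[#/userName]` rule if the two attributes differ. Since the completion flow now treats email as the primary identifier, consider testing every populated identifier, e.g. `return !_.some(_.compact([model.get('userName'), model.get('email')]), function (id) { return passwordContainsUserName(id, password); });`. `passwordContainsUserName` is defined outside this hunk, so how it handles an `undefined` or empty first argument (the case where neither attribute is set) should be confirmed. The enclosing function begins and ends outside the hunk.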
17 changes: 16 additions & 1 deletion test/unit/helpers/dom/RegistrationForm.js
@@ -2,7 +2,8 @@ define(['./Form'], function (Form) {

var FIRSTNAME_FIELD = 'firstName';
var LASTNAME_FIELD = 'lastName';
var EMAIL_FIELD = 'userName';
var USERNAME_FIELD = 'userName';
var EMAIL_FIELD = 'email';
var PASSWORD_FIELD = 'password';
var REFERRER_FIELD = 'referrer';

@@ -50,6 +51,14 @@ define(['./Form'], function (Form) {
field.trigger('change');
},

userNameField: function () {
return this.input(USERNAME_FIELD);
},

userNameErrorField: function () {
return this.error(USERNAME_FIELD);
},

emailField: function () {
return this.input(EMAIL_FIELD);
},
@@ -58,6 +67,12 @@ define(['./Form'], function (Form) {
return this.error(EMAIL_FIELD);
},

setUserName: function (val) {
var field = this.userNameField();
field.val(val);
field.trigger('change');
},

setEmail: function (val) {
var field = this.emailField();
field.val(val);
138 changes: 111 additions & 27 deletions test/unit/spec/Registration_spec.js
@@ -20,7 +20,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
Router, $sandbox, Errors, srcUtil, resSuccess) {

var itp = Expect.itp;

var tick = Expect.tick;
var testData = {
policyId: '1234',
profileSchema: {
@@ -44,6 +44,13 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
'default': 'Enter your email',
'maxLength': 255
},
'email': {
'type': 'string',
'description': 'Email Address',
'format' : 'email',
'default': 'Enter your email',
'maxLength': 255
},
'accountLevel': {
'type': 'string',
'description': 'Account Level',
@@ -143,7 +150,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
});
itp('policyid is retrieved from default org policy', function () {
return setup().then(function (test) {
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('Abcd1234');
test.form.setFirstname('firstName');
test.form.setLastname('LastName');
@@ -158,7 +165,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
});
itp('policyid from form settings is used instead of default org policy', function () {
return setup().then(function (test) {
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('Abcd1234');
test.form.setFirstname('firstName');
test.form.setLastname('LastName');
@@ -175,7 +182,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
itp('sends relay state with registration post if set', function () {
return setup().then(function (test) {
$.ajax.calls.reset();
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('Abcd1234');
spyOn(srcUtil, 'getJsonFromUrl').and.callFake(function () {
return {
@@ -191,7 +198,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
itp('sends relay state as empty string with registration post if not set', function () {
return setup().then(function (test) {
$.ajax.calls.reset();
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('Abcd1234');
spyOn(srcUtil, 'getJsonFromUrl').and.callFake(function () {
return {
@@ -220,11 +227,11 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
expect(lastname.attr('type')).toEqual('text');
});
});
itp('has a email field', function () {
itp('has a username field', function () {
return setup().then(function (test) {
var email = test.form.emailField();
expect(email.length).toBe(1);
expect(email.attr('type')).toEqual('text');
var userName = test.form.userNameField();
expect(userName.length).toBe(1);
expect(userName.attr('type')).toEqual('text');
});
});
itp('has a password field', function () {
@@ -262,7 +269,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
itp('shows an error if email is empty and register', function () {
return setup().then(function (test) {
test.form.submit();
expect(test.form.emailErrorField().length).toBe(1);
expect(test.form.userNameErrorField().length).toBe(1);
});
});
itp('shows an error if firstname is too long', function () {
@@ -286,7 +293,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
});
itp('shows password complexity satisfied if it is satisfied', function () {
return setup().then(function (test) {
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('Abcd');
test.form.focusOutPassword();
expect(test.form.hasPasswordComplexityUnsatisfied('0')).toBe(true);
@@ -298,7 +305,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
});
itp('shows password complexity error if focus out and not satisfied', function () {
return setup().then(function (test) {
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('12345678');
test.form.focusOutPassword();
expect(test.form.hasPasswordComplexitySatisfied('0')).toBe(true);
@@ -310,7 +317,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
});
itp('shows no password complexity error if focus out and satisfied all conditions', function () {
return setup().then(function (test) {
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('Abcd1234');
test.form.focusOutPassword();
expect(test.form.hasPasswordComplexitySatisfied('0')).toBe(true);
@@ -322,7 +329,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
});
itp('shows no password complexity section if no password entered', function () {
return setup().then(function (test) {
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('');
test.form.focusOutPassword();
expect(test.form.isPasswordComplexitySectionHidden('0')).toBe(true);
@@ -334,7 +341,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
});
itp('shows password complexity section if password entered', function () {
return setup().then(function (test) {
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('Abcd1234');
test.form.focusOutPassword();
expect(test.form.isPasswordComplexitySectionHidden('0')).toBe(false);
@@ -346,7 +353,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
});
itp('shows error if password contains part of the username:testing', function () {
return setup().then(function (test) {
test.form.setEmail('testing');
test.form.setUserName('testing');
test.form.setPassword('Testing1234');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(true);
@@ -375,7 +382,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
});
itp('shows error if password contains part of username:testing1234@okta.com', function () {
return setup().then(function (test) {
test.form.setEmail('testing1234@okta.com');
test.form.setUserName('testing1234@okta.com');
test.form.setPassword('Testing1234');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(true);
@@ -401,7 +408,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
});
itp('shows error if password contains part of the username:testing_123', function () {
return setup().then(function (test) {
test.form.setEmail('testing_123');
test.form.setUserName('testing_123');
test.form.setPassword('testing');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(true);
@@ -423,6 +430,49 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
});
});
itp('shows error if password contains part of username:first-last.name@okta.com', function () {
return setup().then(function (test) {
test.form.setUserName('first-last.name@okta.com');
test.form.setPassword('Abcd1234');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(false);
test.form.setPassword('Testingfirst');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(true);
test.form.setPassword('last_1234');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(true);
test.form.setPassword('testName1234');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(true);
});
});
itp('shows error if password contains part of email:testing1234@okta.com', function () {
return setup().then(function (test) {
test.form.setEmail('testing1234@okta.com');
test.form.setPassword('Testing1234');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(true);
test.form.setPassword('testing1234@okta.com');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(true);
test.form.setPassword('abcdTesting1234');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(true);
test.form.setPassword('aatesting34');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(false);
test.form.setPassword('12aatesting');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(false);
test.form.setPassword('12testingaBtesting');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(false);
test.form.setPassword('Okta1234');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(true);
});
});
itp('shows error if password contains part of email:first-last.name@okta.com', function () {
return setup().then(function (test) {
test.form.setEmail('first-last.name@okta.com');
test.form.setPassword('Abcd1234');
@@ -441,7 +491,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
});
itp('hides password complexity error if password does not contain part of the username', function () {
return setup().then(function (test) {
test.form.setEmail('user@example.com');
test.form.setUserName('user@example.com');
test.form.setPassword('Abcd1234');
test.form.focusOutPassword();
expect(test.form.passwordContainsUsernameError()).toBe(false);
@@ -452,7 +502,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
return setup().then(function (test) {
test.form.setPassword('Abcd1234');
test.form.focusOutPassword();
test.form.setEmail('abcd@example.com');
test.form.setUserName('abcd@example.com');
expect(test.form.passwordContainsUsernameError()).toBe(true);
});
});
@@ -498,7 +548,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
return setup(setting)
.then(function (test) {
$.ajax.calls.reset();
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('Abcd1234');
test.form.setFirstname('firstName');
test.form.submit();
@@ -546,7 +596,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
return setup(setting)
.then(function (test) {
$.ajax.calls.reset();
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('Abcd1234');
test.form.setFirstname('firstName');
test.form.submit();
@@ -572,7 +622,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
return setup(setting)
.then(function (test) {
$.ajax.calls.reset();
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('Abcd1234');
test.form.setFirstname('firstName');
test.form.setReferrer('referrer');
@@ -611,7 +661,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
$.ajax.calls.reset();
expect(test.form.getFieldByName('zip').length).toBe(1);
expect(test.form.fieldPlaceholder('zip')).toBe('Zip');
test.form.setEmail('test');
test.form.setUserName('test');
test.form.setPassword('Abcd1234');
test.form.setFirstname('firstName');
test.form.submit();
@@ -642,14 +692,48 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
return setup(setting)
.then(function (test) {
$.ajax.calls.reset();
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('Abcd1234');
test.form.setFirstname('firstName');
test.form.submit();
var model = test.router.controller.model;
spyOn(Backbone.Model.prototype, 'save').and.returnValue($.Deferred().resolve());
model.save();
expect(setting.registration.postSubmit).toHaveBeenCalled();
});
});
itp('calls postSubmit call onSuccess assert username is same as email', function () {
var parseSchemaSpy = jasmine.createSpy('parseSchemaSpy');
var preSubmitSpy = jasmine.createSpy('preSubmitSpy');
var setting = {
'registration': {
'parseSchema': function (resp, onSuccess, onFailure) {
parseSchemaSpy(resp, onSuccess, onFailure);
onSuccess(resp);
},
'preSubmit': function (postData, onSuccess, onFailure) {
preSubmitSpy(postData, onSuccess, onFailure);
onSuccess(postData);
},
'postSubmit': jasmine.createSpy('postSubmitSpy')
}
};
return setup(setting)
.then(function (test) {
$.ajax.calls.reset();
test.form.setUserName('test@example.com');
test.form.setPassword('Abcd1234');
test.form.setFirstname('firstName');
test.form.submit();
var model = test.router.controller.model;
spyOn(Backbone.Model.prototype, 'save').and.returnValue($.Deferred().resolve());
model.save();
test.router.navigate('signin/register-complete', {trigger: true});
expect(setting.registration.postSubmit).toHaveBeenCalled();
expect(test.router.navigate).toHaveBeenCalledWith('signin/register-complete', {trigger: true});
return tick().then(function () {
expect( $('div.registration-complete').text().includes('Verification email sent')).toBe(true);
});
});
});
itp('does not call postSubmit if registration.postSubmit is defined and preSubmit calls onFailure', function () {
@@ -671,7 +755,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
return setup(setting)
.then(function (test) {
$.ajax.calls.reset();
test.form.setEmail('test@example.com');
test.form.setUserName('test@example.com');
test.form.setPassword('Abcd1234');
test.form.setFirstname('firstName');
test.form.submit();
@@ -704,7 +788,7 @@ function (Q, _, $, OktaAuth, Backbone, Util, Expect, Beacon, RegForm, RegSchema,
return setup(setting)
.then(function (test) {
$.ajax.calls.reset();
test.form.setEmail('test');
test.form.setUserName('test');
test.form.setPassword('Abcd1234');
test.form.setFirstname('firstName');
test.form.submit();
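Review bot: The added test 'calls postSubmit call onSuccess assert username is same as email' does not pin the behaviour its title names: it fills the form with `setUserName` only, never sets `email`, and its assertions check just that `postSubmit` was called and that the page text contains 'Verification email sent'. It also calls `test.router.navigate('signin/register-complete', {trigger: true})` itself before asserting that `navigate` was called with those arguments, so that expectation cannot fail. Adding `test.form.setEmail('test@example.com');` and asserting on the argument, e.g. `expect(setting.registration.postSubmit.calls.mostRecent().args[0]).toBe('test@example.com');`, would cover the controller change; this assumes the stubbed save leaves `activationToken` unset. The test in the `-262,7 +269,7` hunk is still titled 'shows an error if email is empty and register' while it now asserts on `userNameErrorField()`.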
